Distributed encryption authentication methods and systems
Abstract
A method and system for providing authentication of mutual strangers is provided. For one embodiment, a plurality of routes from an origination node of a network to a recipient node of the network are determined, a portion of the routes is selected, and shares of a random secret key are generated with each share corresponding to one of the routes. Each share of the random secret key is transmitted via the corresponding route. In accordance with one embodiment of the invention, shares of a random key are encoded and the random key is relayed via multiple routes through a network employing a cryptographically strong forward security system. At the destination, shares are recombined to reconstruct the key, and the recipient verifies the integrity of the key with the sender. If the key is intact it is used for authentication or encryption in future communication between the sender and recipient.
Claims
exact text as granted — not AI-modified1 . A method comprising:
determining a plurality of routes from a message origination node of a network to a message recipient node of the network; selecting a portion of the plurality of routes; generating shares of a random secret key, each share corresponding to one of the routes of the portion of the plurality of routes; and transmitting each share of the random secret key via the corresponding route.
2 . The method of claim 1 further comprising:
receiving the transmitted shares at the destination node; and using the shares to reconstruct the random secret key.
3 . The method of claim 1 wherein the network is selected from the group consisting of a physical network and a virtual network.
4 . The method of claim 2 further comprising:
verifying that the random secret key was reconstructed properly.
5 . The method of claim 2 employing an (n, k) secret sharing scheme.
6 . The method of claim 4 further comprising:
detecting failure nodes of the network; and excluding routes that contain failure nodes from the portion of selected routes.
7 . The method of claim 1 wherein the network implements a cryptographically strong forward security system.
8 . The method of claim 7 wherein the cryptographically strong forward security system utilizes a quantum key distribution system.
9 . The method of claim 1 wherein the plurality of routes is dynamically determined.
10 . A network employing a cryptographically strong forward security comprising:
means for determining a plurality of routes from a message origination node of the network to a message recipient node of the network; means for selecting a portion of the plurality of routes; means for generating shares of a random secret key, each share corresponding to one of the routes of the portion of the plurality of routes; and means transmitting each share of the random secret key via the corresponding route.
11 . The network of claim 10 further comprising:
receiving the transmitted shares at the destination node; and using the shares to reconstruct the random secret key.
12 . The network of claim 10 wherein the network is selected from the group consisting of a physical network and a virtual network.
13 . The network of claim 11 further comprising:
verifying that the random secret key was reconstructed properly.
14 . The network of claim 10 employing an (n, k) secret sharing scheme.
15 . The network of claim 13 further comprising:
detecting failure nodes of the network; and excluding routes that contain failure nodes from the portion of selected routes.
16 . The network of claim 10 wherein the network implements a cryptographically strong forward security system.
17 . The network of claim 16 wherein the cryptographically strong forward security system utilizes a quantum key distribution system.
18 . The network of claim 10 wherein the plurality of routes is dynamically determined.
19 . A machine-readable medium that provides executable instructions, which when executed by a processor, cause the processor to perform a method, the method comprising:
determining a plurality of routes from a message origination node of a network to a message recipient node of the network; selecting a portion of the plurality of routes; generating shares of a random secret key, each share corresponding to one of the routes of the portion of the plurality of routes; and transmitting each share of the random secret key via the corresponding route.
20 . The machine-readable medium of claim 19 further comprising:
receiving the transmitted shares at the destination node; and using the shares to reconstruct the random secret key.
21 . The machine-readable medium of claim 20 wherein the network is selected from the group consisting of a physical network and a virtual network.
22 . The machine-readable medium of claim 20 further comprising:
verifying that the random secret key was reconstructed properly.
23 . The machine-readable medium of claim 19 employing an (n, k) secret sharing scheme.
24 . The machine-readable medium of claim 22 further comprising:
detecting failure nodes of the network; and excluding routes that contain failure nodes from the portion of selected routes.
25 . The machine-readable medium of claim 19 wherein the network implements a cryptographically strong forward security system.
26 . The machine-readable medium of claim 25 wherein the cryptographically strong forward security system utilizes a quantum key distribution system.
27 . The machine-readable medium of claim 19 wherein the plurality of routes is dynamically determined.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.